
CodeQL adds beta support for Ruby! #6922

turbo started this conversation in Show and tell
Oct 20, 2021

turbo
Oct 20, 2021
Maintainer

If you have been following the Universe 2021 announcement, you've already heard about it, but now it's official: We've launched beta Ruby support for CodeQL and GitHub code scanning 🚀!

What's in the box?

Ruby is the 10th most popular language within the open-source community. To help secure services and tools created with Ruby, this beta release spots many of the most common security issues including SQL injection, regular expression denial-of-service (ReDoS), multiple cross-site scripting attack vectors, command-line injection, and more.

How do I enable it?

CodeQL for Ruby is available by default in GitHub.com code scanning, the CodeQL CLI, and the CodeQL extension for VS Code starting today. It will also be included in GitHub Enterprise Server 3.4. Ruby joins the list of supported CodeQL languages, which also includes C/C++, C#, Java, JavaScript/TypeScript, Python, and Go.

To start using the new Ruby analysis in code scanning, simply update your existing workflow file. Or if you’re new to code scanning, set up an analysis workflow from the Security tab in your repository.
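As an added illustration of the "update your existing workflow file" step (this is an example workflow written for this page, not one taken from the post or from the codeql-action project), the following `.github/workflows/codeql-analysis.yml` enables the Ruby analysis on pushes, pull requests and a weekly schedule. The branch name `main`, the cron schedule and the job name are assumptions; the `init` and `analyze` actions and the `languages` input are the standard code scanning actions.

```yaml
# Assumed file: .github/workflows/codeql-analysis.yml (example, not the page's own file)
name: "CodeQL"

on:
  push:
    branches: [ main ]          # assumed default branch
  pull_request:
    branches: [ main ]
  schedule:
    - cron: '30 3 * * 1'        # assumed weekly run; catches newly added queries

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    # Least-privilege token: the job only needs to read the repo and upload SARIF alerts.
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        # Add 'ruby' to an existing matrix, or list it alone for a Ruby-only repo.
        language: [ 'ruby' ]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      # Sets up the CodeQL tools and starts tracing for the chosen language(s).
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: ${{ matrix.language }}

      # Ruby is an interpreted language, so no build/autobuild step is required
      # before analysis; the extractor works directly from the source files.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1
```

Once this runs on a pull request, findings from the Ruby queries mentioned above (SQL injection, ReDoS, XSS, command-line injection) appear as code scanning alerts under the repository's Security tab and as annotations on the pull request.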

Want to contribute or write your own CodeQL queries for Ruby? This guide will help you get started.

How can I give feedback?

If you run into any problems or have a question about the Ruby/CodeQL beta (setup, alerts, etc.), please respond to this thread. Please supply as much detail as you can about the issue you encountered, as well as information to reproduce if available. If you don't feel comfortable posting in this public discussion, please open a support ticket.

We also encourage you to use the CodeQL Discussions forum for any questions related to running or writing CodeQL.
